Smart contract whitelisting

A small minority of smart contracts represent the bulk of all transactions and interactions.

Meanwhile, some smart contracts are known to be dangerous. This includes exploited dApps, fraudulent forks, and contracts with known vulnerabilities.

Finally, some smart contracts do not publish their Solidity source code, only the bytecode. While it’s possible to use a decompiler, the missing source could be a red flag, signaling that a smart contract might not actually do what is described on the accompanying glossy marketing website.

To alleviate these risks and inform the user without extra effort on their part, the Aurox Wallet assigns each smart contract to one of the following lists based on its security profile.

Whitelist

This includes the contracts of well-known dApps such as Uniswap, OpenSea, 1inch, etc. If the user ends up on a spoofed website masquerading as a well-known dApp, the wallet will recognize that its contract is not in the whitelist.

Yellowlist

This includes all smart contracts with open, verified Solidity code that are not part of the whitelist. While it’s impossible to automatically assess what the contract does, it at least lets anyone verify key parameters and search for key features (e.g. lockup).

Orangelist

Smart contracts that do not have open Solidity code and only include bytecode are potentially dangerous and are assigned to the orange list. The user can still interact with them but should be aware of the risks.

Redlist

This includes hacked dApps, scams, and other dangerous contracts. The user will see a warning when trying to interact with these smart contracts.
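The four lists can be read as one ordered decision, sketched below as an added example; it is not the Aurox Wallet's own code. The list contents, the function names, the `sourceVerified` flag and the choice to check the redlist first are all assumptions made for illustration.

```javascript
// Added example. All addresses are constructed placeholders, not real contracts.
const addr = (byte) => "0x" + byte.repeat(20);

// Curated lists (assumed shape): lowercase address -> label.
const WHITELIST = new Map([[addr("11"), "ExampleSwap"]]);
const REDLIST = new Map([[addr("de"), "exploited dApp"]]);

// Hex addresses are case-insensitive; normalise so a mixed-case
// (checksummed) form cannot slip past a list lookup.
function normalize(address) {
  if (typeof address !== "string" || !/^0x[0-9a-fA-F]{40}$/.test(address)) {
    throw new TypeError("expected a 20-byte hex address");
  }
  return address.toLowerCase();
}

// sourceVerified: whether open, verified Solidity source exists for the
// contract (assumed to come from a separate lookup, not shown here).
function classifyContract(address, sourceVerified) {
  const a = normalize(address);
  // Assumption: the redlist is checked first, so a whitelisted dApp that
  // is later hacked is reported as red once it is added there.
  if (REDLIST.has(a)) {
    return { list: "red", reason: REDLIST.get(a) };
  }
  if (WHITELIST.has(a)) {
    return { list: "white", reason: WHITELIST.get(a) };
  }
  // Fail closed: anything but an explicit true counts as bytecode-only.
  return sourceVerified === true
    ? { list: "yellow", reason: "open, verified source; not whitelisted" }
    : { list: "orange", reason: "bytecode only; no open source" };
}

// A look-alike site pointing at its own contract never reaches "white",
// even if that contract's source is verified.
console.log(classifyContract(addr("12"), true).list);
```

A contract used by a spoofed site lands on the yellow or orange list at best, because membership in the whitelist depends on the contract address and not on what the website claims to be.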
